Dan Walsh's Blog

Got SELinux?

John Leyden wrote an interesting article, "Linux vulnerable to Windows-style autorun exploits", about how security researchers had discovered that Linux is potentially vulnerable to a user sticking a USB device or CD-ROM into a locked machine. The basic idea was that Nautilus would execute thumbnail driver code to display thumbnail icons in the file browser, based on the content of the removable media, even if the machine was locked. If the thumbnail executables were vulnerable, a cracker could use the code that processes the thumbnail images to kill the screensaver/lock.

Never mind this: just plugging in a USB stick when you are logged in could allow a cracker to take over your machine.

At that time, I wrote policy for all thumbnail drivers to be locked down with SELinux, but I only turned it on for confined users. I and other users have been running this confinement throughout Fedora 16.